Documente Academic
Documente Profesional
Documente Cultură
ABSTRACT: The security of data become a major issue in the present days, there are different dimensions of security in
this paper we will discuss one of the major properties of security. The signcryption is one of the techniques to secure your data by encrypting it. It was first introduced by Zheng in 1997 based on DLP. The signcryption combines the techniques of digital signature and encryption which reduces computational cost and communication overhead. The Signcryption scheme verifies the integrity of message before decryption of cipher text it also provides how the message can be verify by third party without reading the content of message. Many researchers have given their signcryption scheme to achieve security goals like confidentiality, unforgeability, integrity, forward secrecy and public verification every scheme is having their own limitations. This paper represents the cryptanalysis of popular signcryption scheme in terms of major security goals alpng with the communication overhead and computational cost.
www.ijmer.com
89 | Page
International Journal of Modern Engineering Research (IJMER) www.ijmer.com Vol.3, Issue.1, Jan-Feb. 2013 pp-89-92 ISSN: 2249-6645
II. SIGNCRYPTION
In the case of public-key cryptography, confidentiality is provided by encryption schemes, while authenticity is provided by signature schemes. In many applications, both confidentiality and authenticity are needed together. Such applications include secure email (S/MIME), secure shell (SSH), and secure web browsing (HTTPS). Until recently, the de facto solution was to use both an encryption scheme and a signature scheme, typically by sequentially composing the encryption and signature operations. This state of affairs changed in 1997, when Zheng [15] proposed using a single cryptographic primitive to achieve both confidentiality and authenticity. He called this primitive signcryption. At first glance, it is not clear why there should be any advantage to combining both goals into a single primitive. However, Zheng and others have demonstrated, through concrete examples, that signcryption schemes can provide clear benefits over the traditional sequential composition of encryption and signature schemes. Public Parameter: C: an elliptic curve of GF (ph), either with p2 150 and h=1 or p=2 and & h150. Q: a large prime number whose size is approximately |ph|. G: a point with order q, chosen randomly from the points on C. Hash: a one-way hash function output of 128 bits at least. KH: a keyed one-way hash function. ED: the encryption and decryption algorithm of a private key cipher. Alices key: Va: Alices private key, chosen uniformly at random from [1.q-1]. Pa: Alices public key (Pa=VaG, a point on C). Bobs Key: Vb: Bobs private key, chosen uniformly at random from [1.q-1]. Pb: Bobs public key (Pb=VbG, a point on C).
www.ijmer.com
90 | Page
International Journal of Modern Engineering Research (IJMER) www.ijmer.com Vol.3, Issue.1, Jan-Feb. 2013 pp-89-92 ISSN: 2249-6645 Non-repudiation: If the sender Alice denies that she sent the signcrypted text (c, R, s), any third party can run the verification procedure above to check that the message came from Alice. Public verifiability: Verification requires knowing only Alice's public key. All public keys are assumed to be available to all system users through a certification authority or published directly. The receiver of the message does not need to engage in a zeroknowledge proof communication with a judge or to provide a proof. Forward secrecy: An adversary that obtains Private Key of receiver will not be able to decrypt past messages. Previously recorded values of (c, R, s) that were obtained before the compromise cannot be decrypted because the adversary that has Private Key will need to calculate r to decrypt. Calculating r requires solving the ECDLP on R, which is a computationally difficult. Encrypted message authentication: The proposed scheme enables a third party to check the authenticity of the signcrypted text (c, R, s) without having to reveal the plaintext m to the third party. This property enables firewalls on computer networks to filter traffic and forward encrypted messages coming from certain senders without decrypting the message. This provides speed to the filtering process as the firewalls do not need to do full unsigncryption to authenticate senders. It also provides additional confidentiality in settling disputes by allowing any trusted/untrusted judge to verify messages without revealing the sent message m to the judge by running verification process as follows[15,17]. As the signcrypted text computed by the help of Alices public key P a and the IDA can be verify by certificate Authority (CA). Therefore we can say the message is coming from Alice without decrypting the original message and which is authentic sender.
Computational Complexity: Elliptic curve point operations are time consuming process. The propose signcryption scheme is having three point multiplication for signcryption, two point multiplication for unsigncryption and one point addition, for verification it requires one point multiplication and one point addition. The table 2 gives the details of comparison with the existing schemes and proposed scheme. [13] Table 2: comparison of schemes on basis of computational complexity Schemes Participant ECPM ECPA Zheng & Imai Alice 1 Bob 2 1 Han et al Alice 2 Bob 3 1 Hwang et al Alice 2 Bob 3 1
Mod. Mul 1 2 2 2 1 -
Mod. Add 1 1 1 -
Hash 2 2 2 2 1 1
Table 3: comparison based on average computational time of major operation in same secure level the elliptic curve multiplication only needs 83ms & the modular exponential operation takes 220 ms for average computational time in infineons SLE66CU* 640P security controller.[15] Schemes Zheng & Imai Bao & Deng Gamage et al Sender average. computational time in ms 1* 83=83 2*220=440 2*220=440 www.ijmer.com Recipient average computational time in ms 2*83=166 3*220=660 3*220=660 91 | Page
International Journal of Modern Engineering Research (IJMER) www.ijmer.com Vol.3, Issue.1, Jan-Feb. 2013 pp-89-92 ISSN: 2249-6645 Jung et al 2*220=440 3*220=660
V. CONCLUSION
The security of zheng & Imai, Bao & Deng, Gamage et al, Jung et al and Han et al.'s signcryption scheme [11, 8, 5] are analyzed on basics of security goal, communication overhead and computational cost. All the schemes are satisfying all the properties of security. The signcryption schemes by Bao & Deng and Gamage et al are having public verification but no forward secrecy. Similarly the Zheng & Imai not supports the forward secrecy and public verification [8] where as the Jung et al scheme supports forward secrecy but cant verifiable by public[9, 11, 13]. In terms of computational cost the Zheng & Imai scheme take less time in comparison with Bao & Deng, Gamage et al and Jung et al signcryption schemes [13]. A signcrypton scheme can be developed which will provide all the properties of security.
Reference
[1] Yuliang Zheng. Digital signcryption or how to achieve cost (signature encryption) Cost (signature), Cost (encryption). In CRYPTO '97: Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, pages 165-179, London, UK, 1997. Springer-Verlag. William Stallings. Cryptography and Network security: Principles and Practices. Prentice Hall Inc., second edition, 1999. Paul C. van Oorschot Alfred J. Menezes and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press,1996. Behrouz A. Forouzan. Cryptography and Network Security. Tata McGraw-Hill, 2007. F. Bao, R.H. Deng, A signcryption scheme with signature directly verifiable by public key, Proceedings of PKC98, LNCS 1431, Springer-Verlag, 1998, pp. 5559. LEI Feiyu, CHEN Wen, CHEN Kefei, A generic solution to realize public verifiability of signcryption, Wuhan University Journal of Natural Sciences, Vol. 11, No. 6, 2006, 1589-1592. Mohsen Toorani and Ali Asghar Beheshti Shirazi. Cryptanalysis of an efficient signcryption scheme with forward secrecy based on elliptic curve. Computer and Electrical Engineering, International Conference on, 428-432, 2008. Yuliang Zheng and Hideki Imai. How to construct efficient signcryption schemes on elliptic curves. Inf. Process. Lett., 68(5):227233, 1998. Jung.H.Y,K.S Chang, D.H Lee and J.I. Lim, Signcryption scheme with forward secrecy. Proceeding of Information Security Application-WISA, Korea, 403-475, 2001. Gamage, C., J.Leiwo, Encrypted message authentication by firewalls. Proceedings of International Workshop on Practice of Theory in Public Key Cryptography, Berlin, 69-81, 1999. X. Yang Y. Han and Y. Hu. Signcryption based on elliptic curve and its multi-party schemes. Proceedings of the 3rd ACM International Conference on Information Security (InfoSecu 04), pages 216-217, 2004. Henri Cohen and Gerhard Frey, editors. Handbook of elliptic and hyperelliptic curve cryptography. CRC Press, 2005. Mohsen Toorani and Ali Asghar Beheshti Shirazi. An elliptic curve-based signcryption scheme with forward secrecy. Journal of Applied Sciences, 9(6):1025 -1035, 2009. G. Seroussi. Elliptic curve cryptography. page 41, 1999. Hwang Lai Su. An efficient signcryption scheme with forward secrecy based on elliptic curve. Journal of applied mathematics and computation, pages 870-881, 2005. Mohsen Toorani and Ali Asghar Beheshti Shirazi. Cryptanalysis of an elliptic curve-based signcryption scheme. International journal of network security vol.10, pp 51-56, 2010. Wang Yang and Zhang. Provable secure generalized signcryption. Journal of computers, vol.5, pp 807-814, 2010.
[2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17]
www.ijmer.com
92 | Page